Joshi Amrit Raj

• Lead risk management activities in the areas of application security framework, Issue and action management, Key procedural controls (KPCI).
• Successfully driven risk reduction programs within Wealth management.
• Provide senior management with risk posture and metrics for controls through L1 & L2 risk forums.
• Advice software component managers (SWCM) or risk remediation and risk response.
• Single point of contact and SME for risk management and acted as voice for risk management in governance forum.
• Review the risk assessments and provide guidance on the risk response to the respective teams.
• Act as a Delegate of Head of Technology for risk review.

• Perform IT risk and control self-assessments (RCSAs) and maintain associated documentation.
• Lead risk assessment and planning discussions to define audit objectives, scope, and develop audit programs based on the defined objectives.
• Identify key risks, develop risk assessment plans, determine audit scope and objectives, develop detail audit programs, test controls, document results, and review audit findings with stakeholders.
• Advice senior management and internal control teams to develop and present recommendations and corrective actions to address review and mitigate audit findings
• Review, update, and track action plans for identified risks and treatment plans within the established governance process involving business, audit, legal, and IT stakeholders.
• Conduct monthly IT risk governance forum and represent the division in the global IT risk management governance forum.

· Perform 3rd party vendor risk assessments.

· Identify, evaluate and follow up on remediation of security control weaknesses and reporting on third party security risks, while supporting and advancing business objectives

• Ensure that solutions proposed by technical teams are in line with established organizational standards
• Provide senior-level consultation and direction to functional areas on policy, process and procedures
• Identify, communicate and put in place appropriate mitigation for risks

• Defined & Implemented IT risk management framework, policy, procedures and RCSA and for the bank.
• Integrated IT control assurance and process management team with risk management, enabling management to get holistic view of risk in IT environment and make informed decisions.
• Developed internal/external communication process for risk reporting.
• Conducted periodic control assurance activities to ensure all key controls are effectively tested and all bank IT assets are protected.
• Coordinated with external audit engagements and follow up to close the findings raised by internal audit / external audit.
• Attained PCI DSS certificate for the Bank by ensuring gap assessment is performed and identified gaps are fixed by respective teams before PCI audit.
• Ensured that UAE central bank compliance requirements are met by working with internal teams on understanding the requirements and fulfilling the requirements.
• Performed Risk and Control Self-Assessment (RCSA), testing & reporting of controls compliance status to ORM (Operational Risk Management).
• Tracking and providing C level executives with up to date details on compliance status.
• Follow up and update on progress of CAPA for identified compliance issues.
• Performed gap assessment for IT department documents (Policy, Standard, procedure) and worked with process owners and governance team to address the gaps by documenting.

• Assessed third-party technical controls and risks, delivering robust support to LOBs
• Reviewed third-party vendor legal documentation/processes and identified inconsistencies
• Highlighted information security risks by creating a set of vendor scoping questions
• Optimized vendor applicability and information security process by defining benchmarks and KRIs
• Identified control gaps for suppliers through risk assessment
• Headed compliance monitoring of third-parties, ensuring contract obligations are met
• Highlighted every single detail about service and accordingly drafted control questionnaire based on service provided to client
• Trained members of the team; improved performance at individual and group levels
• Key Contributions:
• Developed capability of Tata Consultancy Services related to third-party risk assessments
• Trained team members on evaluation of technical controls of third parties
• Gained trust of Bank management through technical and managerial experience of risk management
• Effectively managed clients and business relationship managers.

• SuccessFactors
• Directed security operations of six, geographically disbursed production data centres
• Led a team of five members and defined KPIs for performance maximization
• Delivered active functional support by monitoring and managing security incidents, firewalls, security events/technologies, vulnerability assessment, data backups, RSA securid, DLP, Tripwire, IDS, and IPS
• Ensured audit readiness for SSAE16, SAS70, and ISO 27001
• Created policies for disaster recovery and emergency operating procedures
• Promoted change management programmes for continuous operational excellence
• Forwarded technical information and alerts to relevant parties for swift processing
• Liaised with clients to identify requirements for security engagements
• Key Contributions:
• Received a promotion from security analyst to team lead
• Accomplished “Best Employee of the Award” for consistent top performance
• Commended by management for attaining ISO 27001 certification for Indmax IT services
• Spent extended hours in security operations centre to learn about technologies and processes
• Appreciated by client for encouraging talent instead of years of experience
• Implemented technical controls and process, such as DLP, SIEM, end point protection, physical security, and incident management.